The active exploitation of zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in Ivanti Connect Secure and Ivanti Policy Secure gateways presents a serious threat, allowing unauthorized remote code execution. The actor, recognized as the Chinese nation-state-level entity UTA0178, employed these exploits for system compromise, underscoring the urgency for affected organizations to promptly apply mitigations, conduct comprehensive post-compromise analyses, and implement forthcoming patches.